Abstract

This document defines a "manifest" for use in the Resource Public Key
Infrastructure (RPKI). A manifest is a signed object (file) that
contains a listing of all the signed objects (files) in the
repository publication point (directory) associated with an authority
responsible for publishing in the repository. For each certificate,
Certificate Revocation List (CRL), or other type of signed objects
issued by the authority that are published at this repository
publication point, the manifest contains both the name of the file
containing the object and a hash of the file content. Manifests are
intended to enable a relying party (RP) to detect certain forms of
attacks against a repository. Specifically, if an RP checks a
manifest's contents against the signed objects retrieved from a
repository publication point, then the RP can detect "stale" (valid)
data and deletion of signed objects. [STANDARDS-TRACK]